Related
To be honest, I'm a nice guy, but when threads get filled with utter "OMG, How do I root?" posts, I get pissed off. I don't mean to backseat moderate or anything, I just really get fed up sometimes. Hence, I've broken out the hardcore side of myself, and I present:
Coburn's (mostly) failproof rootmeplz kthxbai tutorial, featuring the awesome m7 exploit.
YOU CANNOT USE THIS ROOT GUIDE TO INSTALL ANDROID 2.0.x/2.1/2.x AT THIS MOMENT IN TIME. PLEASE DO NOT ASK IF YOU CAN INSTALL ANDROID 2.x USING ROOT, AT THIS STAGE IT'S A BIG FAT NO! THANK YOU FOR YOUR ATTENTION!!
Alright.
Easy to understand, plain english guide
Download the ZIP file attached to this post. Extract the files to a safe location - perhaps C:\Tattoo ?
Now, you'll need adb for windows. You can get it from my website's server here: ADB for windows.
Make sure your device is in USB Debug Mode (Settings > Applications > Development). This is ESSENTIAL!
Extract all the files in the adb4win zip file to your C:\Tattoo folder.
Now, go to Command Prompt. In XP, it's under System Tools in Accessories. In Vista/7, it'll be under accessories.
Do the following at the command line:
C:\Users\Coburn> cd C:\Tattoo
This will change your working directory from C:\Users\Coburn (or silimar) to C:\Tattoo .
Now, at the command line, do this:
C:\Tattoo> adb-windows shell "mkdir /data/local/bin" (with the quotes!).
This makes a directory on the Tattoo under /data/local, called bin. If you get a error (like mkdir failed, file/folder exists), this is fine! Don't sweat it.
Now, run this command:
C:\Tattoo> adb-windows push m7 /data/local/bin/m7
...and wait until finish.
Run this:
C:\Tattoo> adb-windows shell "cd /data/local/bin && chmod 755 ./m7" (with the quotes!)
This allows you to run the sucker.
Now, the fun part. Run this:
C:\Tattoo> adb-windows shell
This will dump you at a "$" shell. do the following:
C:\Tattoo> adb-windows shell
$ cd /data/local/bin
$ while ./m7 ; do : ; done
...lotsa text will flow down your screen. This is normal. Sometimes the exploit causes adb to freeze up, I don't know. I think it may be due to the exploit. It worked on my mac fine though...
Soon, you'll be greeted with this:
#
This is the root prompt! If you get stuff like this:
# usage: reboot ...
usage: reboot ....
usage: reboot ...
Just keep your cool, press enter and the # will say "Boo" again. This is due the exploit spawning reboots to gain the shell.
Then, do these commands from this thread's first post:
-bm- and the hax0rs crew said:
You did it, you should be root now!
Let's set some variables:
Code:
export LD_LIBRARY_PATH=/system/lib
export PATH=/system/bin
[...] check if ur root:
Code:
id
You should get something like this:
Code:
# id
uid=0(root) gid=1000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
uid=0(root) is important.
Click to expand...
Click to collapse
When you get this:
C:\Tattoo> adb-windows shell
$ cd /data/local/bin
$ while ./m7 ; do : ; done
[... lotsa pasta ...]
#
You can do anything then! Look at /system, /data, etc etc. You're broken free, my friend, and you'll forever be free. Until you press that exit button. you didn't. You didn't press that exit button? lolwut u did? Grrrrrrr!!!
EDIT: Added Guide to remount partitions. It's below.
Now you need to install su. Exit your root shell (via CTRL+C) (NO, Coburn, are you serious? ME LOSE ROOT SHELL?! ) and download this su.zip and extract it to C:\Tattoo. DO NOT EXIT THE COMMAND PROMPT WINDOW.
Meanwhile, back at the ranch, in your command prompt window, do this:
C:\Tattoo> adb-windows push su /data/local/bin/su
Then break out a shell...
C:\Tattoo> adb-windows shell
at the $ prompt, enter:
$ chmod 755 /data/local/bin/su
$ cd /data/local/bin/
..run the exploit again via "while 'true' ; do ./m7 ; done" to get root again then enter ...
# chown root.root /data/local/bin/su
# chmod 4755 /data/local/bin/su
# mount -o rw,remount /dev/block/mtdblock5 /data
# mount -o rw,remount /dev/block/mtdblock3 /system (This line allows you to play around with files on the system partition!)
After that, you can exit out of the root shell, and try a normal shell and this:
$ /data/local/bin/su
...which should make you get a nice # prompt. (Sometimes it doesn't, for me it got su: permission denied, wtf?)
(End SU Part of guide)
Tested on Windows 7. Also works on a phone terminal emulator too!
Keep your cool peeps - I do this for fun, I'm not a fulltime android dev. I am an addict though.
Happy rootin my friends.
Cheers,
Tattoo Hacker Coburn.
Greets fly out to the geeks that hacked it originally - without you, I'd have got a nexus one.
Thanks for marsdroid for correcting an error. Kudos to you, bro!
"ANDROID - It's a virus. In a Good Way. Once it's in your system, you can't get rid of it."
You should also add the "su" part in order to get root easier after the first time. Otherwise you have to do the exploit every time you want #
You could also add an explanation on how to remount the partitions without nosuid, so that a suid su can work.
mainfram3 said:
You could also add an explanation on how to remount the partitions without nosuid, so that a suid su can work.
Click to expand...
Click to collapse
Noted. Will do.
LordGiotto said:
You should also add the "su" part in order to get root easier after the first time. Otherwise you have to do the exploit every time you want #
Click to expand...
Click to collapse
Heh, yeah. Might add that up too.
Coburn64.
Thanks Man.
Nice Thread.
Thank you Coburn
svprm said:
Coburn64.
Thanks Man.
Nice Thread.
Click to expand...
Click to collapse
Thanks bro for your thanks.
I'm very glad you did that work, I'm kind of busy but I will update my statusposting and link to your HowTo!
Thats great community work.
[ROOTING] The M7 Exploit + Newbie Guide
Easy to understand, plain english guide
Click to expand...
Click to collapse
I apologize for my english, it's not my native language and I tried my best. ;-)
Keep up your work!
-bm-
-bm- said:
I'm very glad you did that work, I'm kind of busy but I will update my statusposting and link to your HowTo!
Thats great community work.
I apologize for my english, it's not my native language and I tried my best. ;-)
Keep up your work!
-bm-
Click to expand...
Click to collapse
You're welcome. I actually wanted this thread to help your thread, I wanted to spawn a m7 exploit thread to keep the original thread (which is based on the classic m6 exploit) clean of "How do I root with m7" and such.
Keep up the good work too, bm!
Thanks Coburn, so m6 is useless..
adb shell rm /data/local/bin/m6?
thx for the work , and corrections ! deleted the ealyer post
?
When i get # , and type:
# chown root.root /data/local/bin/su
i get :
chown root.root /data/local/bin/su
chown: not found
#
What i'm doing wrong /??
liderzre said:
When i get # , and type:
# chown root.root /data/local/bin/su
i get :
chown root.root /data/local/bin/su
chown: not found
#
What i'm doing wrong /??
Click to expand...
Click to collapse
type
export LD_LIBRARY_PATH=/system/lib
export PATH=/system/bin
rooted
Ty. Guide is not 100% for noobs. (ME).
Problem copying files to system partition after successfull rooting
Hi
The device was rooted successfully (from the first time using m7)
But I have very strange problem.
I try to update some files in the /system (updating fonts in /system/fonts).
I successfully run following command to remount system with rw permissions
/system/bin/mount -o rw,remount /dev/block/mtdblock3 /system
But when I try to copy files to /system/fonts I get "not enough memory" error.
If I run "df" command it shows that /system has 14% free before write attempt
But if I run "df" command after the write attempt I see that there is no free space.
It looks like there is some protection mechanism that prevents copying files to /system partition.
Does any one has an idea how to solve it?
Thanks
ronyrad said:
Hi
The device was rooted successfully (from the first time using m7)
But I have very strange problem.
I try to update some files in the /system (updating fonts in /system/fonts).
I successfully run following command to remount system with rw permissions
/system/bin/mount -o rw,remount /dev/block/mtdblock3 /system
But when I try to copy files to /system/fonts I get "not enough memory" error.
If I run "df" command it shows that /system has 14% free before write attempt
But if I run "df" command after the write attempt I see that there is no free space.
It looks like there is some protection mechanism that prevents copying files to /system partition.
Does any one has an idea how to solve it?
Thanks
Click to expand...
Click to collapse
The problem is well known an jet we have got no explanation. It looks like an additional security system build in by HTC. That is what also prevents us from flashing Custom ROMS at the moment. Development goes on here: http://forum.xda-developers.com/showthread.php?t=631540&page=18 but there is no solution or explanation until now.
-bm-
Could it be that it seems to be that the driver (yaffs) is possibly trying to copy /system into memory, and then reflash the partition all at once (to prevent NAND/NOR tear and wear)?
this guide is in error and will for sure not work ...
you should post probberly ...specially now when things is working....
there is no reason do do a NONSENCE guide .....
thx for the work thoe
Click to expand...
Click to collapse
Excuse me, but it was tested working. I do not post false or misleading information, so please don't accuse me of posting something that won't work. It does work. If you have troubles, you're not following it correctly. Start again and work one step at a time.
Coburn64 said:
Excuse me, but it was tested working. I do not post false or misleading information, so please don't accuse me of posting something that won't work. It does work. If you have troubles, you're not following it correctly. Start again and work one step at a time.
Click to expand...
Click to collapse
don't worry for such baseless allegations coburn.... u r doing a great job. keep up this good work bro.... thanks a lot for this wonderful presentation...
waiting for ur custom ROM.....
Coburn64 u are missing a ; in the 2. while
and i dont expect the newbies to sit back and wait for the "BUUH"..
but im sure someone will....
thx again
EDIT Coburn64 fixed it
WARNING: If you don't know what chmod means, keep out of this thread. This is for developers only, and not for newbies.
I'm creating this thread for people who are cooking their own ROMs can have the correct permissions (so that the ROM doesn't fail to boot after flashing, as seen with my AzusaROM RC1b). This list will list what modes should be on files (eg. su is 04755 for root shell) in order for the ROM to read stuffs (wifi config permissions, etc).
You're welcome to add on this list! Just post and I'll add them up here.
Last updated: 10/3/10
(Start List)
/system/bin/* - 755
/system/bin/su - 04775
/system/bin/sh - 775
/system/etc/dhcpcd/dhcpcd-run-hooks - 755
(End List)
N00bs, please do not clutter this thread, this is for serious developers and ROM cookers!
Thanks man.
This will help me to cook my rom.
Stupid me go back to the stock rom and upgraded to 2.2.1 and lost the root. Ive been trying all day today by following the instruction from this tutorial(http://forum.xda-developers.com/showthread.php?t=736271) but im stuck at the rootshell command. its says permission denied. Can some one please help me..please.. is there any way to root this FRG83, please??
This method does not work anymore.. you have to go a different method..
you can try this method
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp/
adb shell
$chmod 700 /data/tmp rageagainstthecage
exit
go to sdk/tools
/tools>freenexus.bat
adb shell
$cd data/local/tmp
ls
check if all files are in
rage
su
Superuser.apk
busybox
$./rageagainstthecage
743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
DONT TYPE ANYTHING TILL YOU HERE THE ADB ON PHONE RESTARTS.
C:/adb kill-server
C:/adb start-server
adb shell
#
should get pound sign if not run ragecage again and dont do anything to you here the last ding on computer
#cd /data/local/tmp
#./busybox cp busybox /system/bin/
(if get read-only error do this
mount -o remount,rw /dev/block/mtdblock3 /system)
#chmod 4755 /system/bin/busybox
#./busybox cp Superuser.apk /system/app
#./busybox cp su /system/bin/
#chmod 4755 /system/bin/su
#exit
if $ type exit again
then go into terminal on phone, and type su
if you get the # you have root once again! yay!
now to install busybox command
adb shell
$su
#cd /sdcard
#sh ./installbusybox.sh
thats it
i dont have files i will upload in a bit before i have to go
ok for busybox installing on phone..
put installer.sh
and busybox on root of sdcard
then follow rest of instructions..pretty simple
put su,busybox,and all the freenexus stuff in sdktools
http://www.mediafire.com/file/nm7k71ofdgltk5g/root.rar
ilostchild said:
This method does not work anymore.. you have to go a different method..
you can try this method
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp/
adb shell
$chmod 700 /data/tmp rageagainstthecage
exit
go to sdk/tools
/tools>freenexus.bat
adb shell
$cd data/local/tmp
ls
check if all files are in
rage
su
Superuser.apk
busybox
$./rageagainstthecage
743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
DONT TYPE ANYTHING TILL YOU HERE THE ADB ON PHONE RESTARTS.
C:/adb kill-server
C:/adb start-server
adb shell
#
should get pound sign if not run ragecage again and dont do anything to you here the last ding on computer
#cd /data/local/tmp
#./busybox cp busybox /system/bin/
(if get read-only error do this
mount -o remount,rw /dev/block/mtdblock3 /system)
#chmod 4755 /system/bin/busybox
#./busybox cp Superuser.apk /system/app
#./busybox cp su /system/bin/
#chmod 4755 /system/bin/su
#exit
if $ type exit again
then go into terminal on phone, and type su
if you get the # you have root once again! yay!
now to install busybox command
adb shell
$su
#cd /sdcard
#sh ./installbusybox.sh
thats it
i dont have files i will upload in a bit before i have to go
ok for busybox installing on phone..
put installer.sh
and busybox on root of sdcard
then follow rest of instructions..pretty simple
put su,busybox,and all the freenexus stuff in sdktools
http://www.mediafire.com/file/nm7k71ofdgltk5g/root.rar
Click to expand...
Click to collapse
man thanks alot for your help, but im really a noob.
wud u mind telling me step by step, i know it sounds pretty stupid but pls just guide in the right direction. Much appreciated.
Ouch. I hope you can laugh about this one day. I'm sure you'll have root again.
Have you ever heard the term "curiosity kills the cat".
You knew enough to get root, revert to stock so that you could apply 2.2.1, to discover the hard way that the .1 was mainly, if nothing more than a security patch locking out root. And now need coles notes for above. Sorry, that'll be funny after you have root again.
In the meantime, I hope you find solace in paving the road for future noobs starting new from 2.2.1.
Anyway, the majority of the guide above are sequences while in ADB. You had to use some adb to get
root the first time. Google and do a little research on the subject. You need to polish up as I think the warnings above about "don't do anything until", are warnings to avoid bricking. If this procedure is that risky then your ounce of comprehension is worth a ton of hand holding.
Sent from my Nexus One using XDA App
read this thread first
my instructions are the same just more detailed..
and yes gotto do this thru adb
so you get the ragecage arm5
and go to android sdk/tools> and from there do adb push.. and im sure you can do the rest
ilostchild said:
my instructions are the same just more detailed..
and yes gotto do this thru adb
so you get the ragecage arm5
and go to android sdk/tools> and from there do adb push.. and im sure you can do the rest
Click to expand...
Click to collapse
ijust wanted to know which files to download and where to extract themm.. just lik ehow it was mentioned in the freenexus thread, it was defined so clear which fuiles to download and where,,.
Can anyone please help. thanks.
Loveact's post links you to a thread with multiple victims of the patch, links and details to get back root.
Sent from my Nexus One using XDA App
Detailed step-by-step instructions
nexusdue said:
Detailed step-by-step instructions
Click to expand...
Click to collapse
ok so i tried last nite several time but im stuck at the part after
$./rageagainstthecage
its says not found
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
what am i suppose to do now, I am stuck. All my files are in the tools folder
I need your help, please help me out.
If you are running windows, did you run freenexus.bat? I think that step was not mentioned unless u looked at the readme file in the freenexus.zip files.
kpjimmy said:
If you are running windows, did you run freenexus.bat? I think that step was not mentioned unless u looked at the readme file in the freenexus.zip files.
Click to expand...
Click to collapse
Do I have to double click it and run iton windows before i start the process??
is that what you mean??
junooni.1980 said:
ok so i tried last nite several time but im stuck at the part after
$./rageagainstthecage
its says not found
what am i suppose to do now, I am stuck. All my files are in the tools folder
I need your help, please help me out.
Click to expand...
Click to collapse
Congrats for not following the instructions.
nexusdue said:
Congrats for not following the instructions.
Click to expand...
Click to collapse
i did man.. can some one help me then dunno what am i m issing.. here pls.
Looks like you don't have the rageagainstthecage binary on your phone.
Doing 'adb shell ls -l /data/local/tmp' on your computer should get you something like this:
Code:
-rwxrwxrwx shell shell 5392 2010-08-25 01:42 rageagainstthecage-arm5.bin
-rwxr-xr-x shell shell 1926944 2010-03-22 20:29 busybox
-rwxrwxrwx shell shell 26248 2010-07-22 10:20 su
-rwxrwxrwx shell shell 27688 2010-07-22 10:19 Superuser.apk
There might be some other files in there; it's these that matter. If you don't see them then do all the 'adb push' and 'adb shell chmod' stuff in the previously linked instructions.
Egypt Urnash said:
Looks like you don't have the rageagainstthecage binary on your phone.
Doing 'adb shell ls -l /data/local/tmp' on your computer should get you something like this:
Code:
-rwxrwxrwx shell shell 5392 2010-08-25 01:42 rageagainstthecage-arm5.bin
-rwxr-xr-x shell shell 1926944 2010-03-22 20:29 busybox
-rwxrwxrwx shell shell 26248 2010-07-22 10:20 su
-rwxrwxrwx shell shell 27688 2010-07-22 10:19 Superuser.apk
There might be some other files in there; it's these that matter. If you don't see them then do all the 'adb push' and 'adb shell chmod' stuff in the previously linked instructions.
Click to expand...
Click to collapse
what is Doing 'adb shell ls ((-l /data/local/tmp' ))on your computer should get you something like this: i meant what is -I??
If you can't follow these instrucstions, you should NOT be rooting anyhow, since you obviously have NO IDEA what you are doing.
1) Get rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Get Superuser.apk, busybox,su
http://dl.dropbox.com/u/1327667/freenexus.zip
3) Get the Android SDK (ADB)
http://dl.google.com/android/android-sdk_r07-windows.zip
4a) Unzip android SDK (e.g. so that the tools folder is F:\ADB\)
4b) connect Nexus One with with "applications=>development=>USB debug enabled" (and install USB driver if necessary)
5) Unzip/unrar files within RageAgainstTheCage.tgz to F:\ADB\
6) Unzip/unrar files within freenexus.zip to F:\ADB\
7) Open command prompt go to F:\ADB
[7b) Verify that your nexus one is connected and responding - type "adb devices" it should list your N1
8) Now within the command prompt do the following (commands in bold - the rest gives you an indication of the results)
(Note: if you get $ instead of #, just go back and repeat the instructions from where it says $ ./rageagainstthecage. Worked like a charm on the second try for me.)
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb push Superuser.apk /data/local/tmp/Superuser.apk
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb push su /data/local/tmp/su
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb push busybox /data/local/tmp/busybox
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell chmod 755 /data/local/tmp/busybox
F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
F:\ADB>adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
F:\ADB>exit
Click to expand...
Click to collapse
nexusdue said:
If you can't follow these instrucstions, you should NOT be rooting anyhow, since you obviously have NO IDEA what you are doing.
1) Get rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Get Superuser.apk, busybox,su
http://dl.dropbox.com/u/1327667/freenexus.zip
3) Get the Android SDK (ADB)
http://dl.google.com/android/android-sdk_r07-windows.zip
4a) Unzip android SDK (e.g. so that the tools folder is F:\ADB\)
4b) connect Nexus One with with "applications=>development=>USB debug enabled" (and install USB driver if necessary)
5) Unzip/unrar files within RageAgainstTheCage.tgz to F:\ADB\
6) Unzip/unrar files within freenexus.zip to F:\ADB\
7) Open command prompt go to F:\ADB
[7b) Verify that your nexus one is connected and responding - type "adb devices" it should list your N1
8) Now within the command prompt do the following (commands in bold - the rest gives you an indication of the results)
(Note: if you get $ instead of #, just go back and repeat the instructions from where it says $ ./rageagainstthecage. Worked like a charm on the second try for me.)
Click to expand...
Click to collapse
Ok perhaps that what i am doing wrong...
so i download android-sdk_r07-windows.zip & unzip it..to a folder F:\ADB.
So i have to create a new folder named ADB and thne unzip all teh stuff in it??
because before i was unzipping the android-sdk_r07-windows.zip & then the folder named android-sdk_r07-windows & i was upzipping freenexus.zip & RageAgainstTheCage.tgz in the tools folder in the android-sdk_r07-windows folder.
So correct me if im wrong instead of android-sdk_r07-windows folder I have to make a new folder named F:\ADB and then unzinp android-sdk_r07-windows.zip & freenexus.zip & RageAgainstTheCage.tgz in teh F;\ADB folder not in the android-sdk_r07-windows tools folder??
Please advise?>?
junooni.1980 said:
Ok perhaps that what i am doing wrong...
so i download android-sdk_r07-windows.zip & unzip it..to a folder F:\ADB.
So i have to create a new folder named ADB and thne unzip all teh stuff in it??
because before i was unzipping the android-sdk_r07-windows.zip & then the folder named android-sdk_r07-windows & i was upzipping freenexus.zip & RageAgainstTheCage.tgz in the tools folder in the android-sdk_r07-windows folder.
So correct me if im wrong instead of android-sdk_r07-windows folder I have to make a new folder named F:\ADB and then unzinp android-sdk_r07-windows.zip & freenexus.zip & RageAgainstTheCage.tgz in teh F;\ADB folder not in the android-sdk_r07-windows tools folder??
Please advise?>?
Click to expand...
Click to collapse
Sorry this is so basic ... if you don't understand folder structures, you really SHOULD NOT ROOT!
Do NOT do it! Maybe after using computers for a couple of years you can "upgrade" to rooting your phone.
nexusdue said:
Sorry this is so basic ... if you don't understand folder structures, you really SHOULD NOT ROOT!
Do NOT do it! Maybe after using computers for a couple of years you can "upgrade" to rooting your phone.
Click to expand...
Click to collapse
I can admire how you're so annoyed but I guess i gotta suck it up cus It I who is in need.
LOL! i've been using computers for a while now & I do undrestand the folder structure pretty well why would i think that? Cus I was able to root the phone the first time.
It's just that i find the description so confusing, I use windows, dunno what OS are you on? But when you extract a zip file it creates a default folder of the same name so...
But i really don't think that my question was that hard, which shot you over the moon & piss you off and made you tell me to learn basic computing first.
All i asked was If I am suppose to make a separate folder named ADB & if I sould extract every thing in it rather than the default unzipped folder that windows makes. But I guess If you're so annoyed then i'l leave it for some one else, I am quite sure one of the purpose of this forum is to get and give help. And im pretty sure that there will be someone who can help me or perhaps i'll find a way myself. But anyways thanks alot for your time, you've been nothing but great help. LOL! And I mean it...
Use:
The main purpose is to make a file that contains all data in android specific partition. This is really handy in case of dumping leak firmwares.
Pr-requirement:
- Rooted device.
- Knowledge of how to use adb or Terminal Emulator.
The first step of making dump files out of device partitions is to locate its mounting points..!!
So in our tutorial, we will make it in 2 sections. Section 1 for how to get mounting points, and section 2 for how to get partition dumped..
Keep in mind that this is xda-university; so my target is to show beginners how to do that manually, without the aid of any tool, so they can get the concept behind it.. OK let's begin..!!
Section 1:
Getting mounting pointsThere are several methods to achieve this, but we will discuss the easiest methods that give efficient information about the partition that you want to know its mounting point.
All these methods will be described using adb shell.
Way #1
Code:
adb shell
cat /proc/partitions
This one needs from you to figure out which block belong to which partition name.!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Way #2
Code:
adb shell
ls -al /dev/block/platform/[B][COLOR="Blue"]dw_mmc[/COLOR][/B]/by-name
This one will give you info about the dev block names WITH their familiar names (i.e, boot, recovery, system... etc)
This command is not universal between devices, and you will need to gather its pieces (/dev/block/platform/dw_mmc/by-name).
How?
- In your device, use any explorer that can get you to the device root (personally I use ES Explorer, by pressing on "/" on navigation bar).
- Go to "/dev/block/platform/" folder
- Here you will see some files and folders, we need to open folders and search for the folder called "by-name" inside one of them; in my situation it was "dw_mmc" folder which has the folder "by-name" inside it.
- At the end, my targeted piece info will be (/dev/block/platform/dw_mmc/by-name)
- Now open adb shell and put that command..
Way #3
By pushing parted binary to /system/bin folder and run it (you can find it in attachment).
Code:
adb remount
adb shell "su" "" "mount -o remount,rw /system"
adb push parted /system/bin/parted
adb shell
chmod 0755 /system/bin/parted
parted /dev/block/[B][COLOR="Blue"]mmcblk0[/COLOR][/B]
print
Here, your mounting points will start with /dev/block/mmcblk0p* where (*) is the number shown in the table above for each partition.
example:
The hidden partition mounting point will be mmcblk0p10
The radio partition mounting point will be mmcblk0p7
The system partition mounting point will be mmcblk0p9
The recovery partition mounting point will be mmcblk0p6
and so on
Don't forget to "quit" the parted action after grasping your device mounting points.
N.B:
- You may need to run first:
Code:
adb shell
cat /proc/partitions
to know what is the initial name for your device partition.. In the example above, it was mmcblk0.
- Also to be able to do adb push to /system partition for parted binary, you will need insecure boot.img used in your ROM or adbd insecure installed in your device (Check this thread for that app), or just push parted binary manually by any root explorer and then fix permissions to rwxr-xr-x (755).
***
Section 2:
Dumping ROM partitionAfter locating the mounting point of the partition you want to dump, open adb shell command prompt and type:
Code:
adb shell
su
dd if=[B][COLOR="Blue"]/yourMountingPoint[/COLOR][/B] of=[B][COLOR="Green"]/yourDestination[/COLOR][COLOR="Red"]/partitionType[/COLOR][/B]
Let's say I want to take a dump out of system partition from above example. So the adb commands will be:
Code:
adb shell
su
dd if=[B][COLOR="Blue"]/dev/block/mmcblk0p9[/COLOR][/B] of=[B][COLOR="Green"]/sdcard[/COLOR][COLOR="Red"]/system.img[/COLOR][/B]
This may take a while to complete the dumping process, depending on the size of your dumped partition; so be patient..
Note:
If the partition is formatted as ext3/4 then the dumped partition will have .img as an extension.
Other partition dumps have different extensions; examples:
radio.bin
param.lfs
Sbl.bin
zImage (without extension)
***
Optional:
Read Partition ImageAfter dumping an image from android partition, you can mount it to extract a particular file for sharing, or the whole dump content in case the ROM chief wants to make a ROM out of dump files..
For Linux Users:
- Open terminal and type:
Code:
su -
mkdir -p /mnt/disk
mount -o loop [B][COLOR="Red"]yourImage.img[/COLOR][/B] /mnt/disk
cd /mnt/disk
ls -l
For Windows Users:
- Download LinuxReader from this site here.
- Open it -> Drives -> Mount Image -> Then choose your dumped image and hit Mount. A new driver will appear that contains all files inside the dumped image called "Linux native Volume 1". Just double click it to get inside the dumped image.
I hope you will find this tutorial beneficial,,,
Yours;
Actions Explanation
★ Tutorial Legends ★
In this post, I will try to explain the use of each binary used in the tutorial, so you can make sense of each action taken.
#1
Code:
adb shell
Run remote shell interactively, as if you are in linux terminal.
Click to expand...
Click to collapse
#2
Code:
cat /proc/partitions
cat binary is used to concatenate file(s) and print them to standard output display. In our example, it prints the content of partitions file which is found in proc folder to screen display.
Click to expand...
Click to collapse
#3
Code:
ls -al /dev/block/platform/dw_mmc/by-name
ls binary is used to list directory contents.
-al is the used option for ls which means to include entries that started with "." in long listing format. There are a lot of options for ls binary. You can always print ls --h to display help menu for other options available.
Click to expand...
Click to collapse
#4
Code:
adb remount
Remounts the /system partition on the device read / write. This has been disabled in some devices (those with secure boot image); so you need to make sure that you have patched adbd that can run this command effectively.
Click to expand...
Click to collapse
#5
Code:
su
Used to get super-user privilege.
Click to expand...
Click to collapse
#6
Code:
mount -o remount,[B][COLOR="Red"]rw[/COLOR][/B] /system
Specific command to mount the /system partition on the device read / write (rw).
If you change rw to ro, you will get /system partition mounted as read only.
Click to expand...
Click to collapse
#7
Code:
adb push parted /system/bin/parted
adb push is used to copy file/dir from your local computer to android device. The usual format is adb push <local> <remote>
Click to expand...
Click to collapse
#8
Code:
chmod 0755 /system/bin/parted
chmod binary is used to set permissions for the specified file/dir.
The number after chmod is the permission used. See the next box for better understanding of chmod formatting:
Code:
[CENTER][B][COLOR="Red"]----------------
| CHMOD SCHEME |
----------------[/COLOR][/B][/CENTER]
[B] r w x[/B]
[B]4 2 1 [COLOR="Green"]= 7 (Full Permissions)[/COLOR][/B]
User ( ) ( ) ( ) [B][COLOR="Green"]--> 2nd digit[/COLOR][/B]
Group ( ) ( ) ( ) [B][COLOR="Green"]--> 3rd digit[/COLOR][/B]
Other ( ) ( ) ( ) [B][COLOR="Green"]--> 4th digit[/COLOR][/B]
Special UID GID STK
( ) ( ) ( ) [B][COLOR="Green"]--> 1st digit, ignored on most cases or put 0[/COLOR][/B]
In the above example, it is set to 0755 which means the following scheme:
Code:
[B] r w x[/B]
[B]4 2 1[/B]
User ([B][COLOR="Red"]*[/COLOR][/B]) ([B][COLOR="Red"]*[/COLOR][/B]) ([B][COLOR="Red"]*[/COLOR][/B]) [B][COLOR="Green"]--> This equals to 7 (rwx)[/COLOR][/B]
Group ([B][COLOR="Red"]*[/COLOR][/B]) ( ) ([B][COLOR="Red"]*[/COLOR][/B]) [B][COLOR="Green"]--> This equals to 5 (r-x)[/COLOR][/B]
Other ([B][COLOR="Red"]*[/COLOR][/B]) ( ) ([B][COLOR="Red"]*[/COLOR][/B]) [B][COLOR="Green"]--> This equals to 5 (r-x)[/COLOR][/B]
Special UID GID STK
( ) ( ) ( ) [B][COLOR="Green"]--> This equals to 0 (---)[/COLOR][/B]
As you can see, if you said 0755, it will be as same as saying ---rwxr-xr-x
Click to expand...
Click to collapse
#9
Code:
dd if=/dev/block/mmcblk0p9 of=/sdcard/system.img
dd binary is used to copy a file with converting and formatting.
if means input file; here we pointed to the whole partition, not specific file.
of means outputting file to specific destination path; here it is to sdcard with system.img name.
Click to expand...
Click to collapse
#10
Code:
mkdir -p /mnt/disk
mkdir binary is used to make folder dir.
-p is mkdir option which means to create folder with sub-folder at the same time. Here we want to create mnt folder that contains disk sub-folder in it. If the folder and or sub-folder(s) are already exists, it will not give error but nothing will be created.
Click to expand...
Click to collapse
#11
Code:
mount -o loop yourImage.img /mnt/disk
This is linux way to mount images into specific directory (/mnt/disk in this example).
Click to expand...
Click to collapse
#12
Code:
cd /mnt/disk
cd used to get inside specific dir path.
Click to expand...
Click to collapse
#13
Code:
ls -l
ls binary is used to list directory contents as described above.
-l is the used option for ls which means to list contents in long listing format.
Click to expand...
Click to collapse
Cheers
another way to get common names
on way #2, I've often used:
Code:
cat /proc/emmc
on a few devices to reveal similar info.
Rob
can i able to mount boot.img in android itself...actually i wanted to extract boot.img frm mobile without any tools or without the help of PC...if there be any possibilities..??
hasan4791 said:
can i able to mount boot.img in android itself...actually i wanted to extract boot.img frm mobile without any tools or without the help of PC...if there be any possibilities..??
Click to expand...
Click to collapse
if you mean extract to modify boot.img, then I don't think there is away to do that from device itself in the moment..
if you mean dumping boot.img then yes you can, just install terminal emulator from Google play and you can run adb shell commands directly from the device
Great guide hopefully makes it easier for us to get dumps! if you add logcats etc, i find they have trouble executing "adb logcat >> log.txt" -.-
also you should teach them the easy tar method, so while booted "tar -c /system/* >> /sdcard/system.tar" or via adb shell
ricky310711 said:
Great guide hopefully makes it easier for us to get dumps! if you add logcats etc, i find they have trouble executing "adb logcat >> log.txt" -.-
also you should teach them the easy tar method, so while booted "tar -c /system/* >> /sdcard/system.tar" or via adb shell
Click to expand...
Click to collapse
Yup that is possible and easy to extract but it is only for partitions that is shown in android os,,, you can't use it for boot.img, sbl.bin, modem.bin...etc right
majdinj said:
Yup that is possible and easy to extract but it is only for partitions that is shown in android os,,, you can't use it for boot.img, sbl.bin, modem.bin...etc right
Click to expand...
Click to collapse
ofcoarse, i actually had a project going where it detects all partitions(modems, boot.img, system etc..) that archives itself into a .zip
it was going well until i did something in the script, now it only works on the s3 it shall be continued one day!
Such great tutorial, this is definitely going to come in handy for me. I have a question, how can you dump (extract) a bootloader? Can i use the same method as dumping the ROM?
Could you explain how to extract stock recovery image please?
Sent from my HTC One using xda app-developers app
Where did the parted binary come from?
For Gods Sake
http://forum.xda-developers.com/sho...IDE] Unpack/repack ext4 Android system images
http://forum.xda-developers.com/sho... Creator (deployable over all kernel sources)
http://forum.xda-developers.com/sho...ipt]Backup all paritions on i9505 to odin rom
http://forum.xda-developers.com/sho...al 4.3 TW Custom Rom/ The ORIGINAL WIFI TRICK
... use Forum Search Engine first, then start asking all your 'important' questions
¤ GT-I9505 - powered by KitKat ¤
insink71 said:
on way #2, I've often used:
Code:
cat /proc/emmc
on a few devices to reveal similar info.
Rob
Click to expand...
Click to collapse
Thx for this. On my HTC One there is no "by-name" folder. It only has "by-num". cat /proc/emmc works fine though.
Cheers.
I also wrote a guide, It just using the "by-name"
and needs root
[HOWTO] dump your rom
Code:
dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/storage/extSdCard/system.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/storage/extSdCard/recovery.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/param of=/storage/extSdCard/param.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/storage/extSdCard/boot.img
Hi,
I tried this on my I-9505G. It is NOT rooted, so I thought I could enter the system through Clockworkmod Recovery.
I did it, but at first I didn't mount the DATA partition (later on I did through CWM Recovery); I still ran the command:
dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/data/media/TEST/system.img
Thought I hadn't mounted anything, the media folder was still there, I only created the TEST folder.
After the image was created I typed the "ls" command and the system.img file was in /data/media/TEST/.
I then rebooted once again in CWM and ran the "adb shell" command once again, I entered /data/media/ e neither the img file nor the TEST folder I had created were there.
My question is: where have they gone?? Are they still occupying some of my space or they just got deleted automatically when I rebooted??
Please let me know as I'd like to free that extra unuseful 1.2 Gb system.img file.
Anyway, just as side information, I later on mounted the /data through CWM interface and was able to see the folders ("/data/media/0/") I can see by plugging the phone normally to the computer. I then dumped the image.
I have some other questions:
I can I mount the /data folder (or the external SD) via command?
What extention should I give to the other partitions? (All of them)
Why did you say that it's MANDATORY that the phone be rooted if it can be done this way?
Are the images I'm dumping flashable through fastboot?
Thank you all for your time!
Anybody? Please.
•I can I mount the /data folder (or the external SD) via command?
I have not been able to find the SD card in clockwork on the I9505G, hence one of my rooting procedures send the root file vi "adb sideload".
I might be able to pull the data from the phone but the clockwork recovery is still not working 100% when fastbooting it.
•What extention should I give to the other partitions? (All of them)
.img are fine.
•Why did you say that it's MANDATORY that the phone be rooted if it can be done this way?
currently it is required that the phone be unlocked. Something need to be fixed in clockwork to make it work any other way.
•Are the images I'm dumping flashable through fastboot?
They should be, but I have not been able to flash anything on the I9505G vi fastboot because of the secure boot.
without a full official image this make my playing around a little concerning (slowing me down).
I will look into this at my leisure. I would love to be able to pull a rom off a phone with only unlocking it.
I will test some stuff using my old galaxy nexus.
I actually dumped everything WITHOUT being rooted. I only unlocked the bootloader... So it works.
Further, I tried to run "fastboot boot recovery.img" with recovery.img being the image file I dumped. The phone froze and I had to pull the battery... So I assume they're not flashable as well, though I'd like other feedbacks.
I've not clearly understood what "secure boot" means. Any guide or wiki?
Thanks!
---------- Post added at 06:56 PM ---------- Previous post was at 06:55 PM ----------
I actually dumped everything WITHOUT being rooted. I only unlocked the bootloader... So it works.
Further, I tried to run "fastboot boot recovery.img" with recovery.img being the image file I dumped. The phone froze and I had to pull the battery... So I assume they're not flashable as well, though I'd like other feedbacks.
I've not clearly understood what "secure boot" means. Any guide or wiki?
Thanks!
Hey, great guide! I need some help but. I can't retrieve the common names / labels of my devices partitions. It's a GT-i8150 and there is no 'by-name' sub directory. Furthermore, parted does not work on mmcblk0 for some reason (unable to satisfy partition restraints or something). I also have no emmc file in proc.
Does anyone know how some other methods for getting the names of the partitions?
EDIT:
Another question - using ADB shell, is it possible to dump a partition straight from the phone onto the computers hard drive? My little 2GB sd card isn't coping! Thanks
a very basic but good guide
Sent from my GT-P1000 using xda app-developers app
Mod edit: @Vergiliusz Thread closed as duplicate of
Ho to back up of the whole memory block (via adb)
Dears maybe now I can make double post but I hang on that step from guide from this site. Phone is after wipe data and I need rescue data from it for that I want to make RAW image to recover data. What I do until now: adb forward tcp:5555...
forum.xda-developers.com
Please review the XDA Forum Rules with special emphasis on rule no. 5 and post only once - and such a subject not in development!
Regards
Oswald Boelcke
Dears maybe now I can make double post but I hang on that step from guide from this site.
Phone is after wipe data and I need rescue data from it for that I want to make RAW image to recover data.
What I do until now:
adb forward tcp:5555 tcp:5555
adb shell
su
/system/xbin/busybox nc -l -p 5555 -e /system/xbin/busybox dd if=/dev/block/mmcblk0
but in results get:
1|ASUS_I001_1:/ # /system/xbin/busybox nc -1 -p 5555 -e /system/xbin/busybox dd
5555 -e /system/xbin/busybox dd if=/dev/block/mmcblk0 <
nc: invalid option -- 1
BusyBox v1.32.0-Stericson (2020-07-18 18:33:24 EDT) multi-call binary.
Usage: nc [OPTIONS] HOST PORT - connect
nc [OPTIONS] -l -p PORT [HOST] [PORT] - listen
-e PROG Run PROG after connect (must be last)
-l Listen mode, for inbound connects
-lk With -e, provides persistent server
-p PORT Local port
-s ADDR Local address
-w SEC Timeout for connects and final net reads
-i SEC Delay interval for lines sent
-n Don't do DNS resolution
-u UDP mode
-v Verbose
-o FILE Hex dump traffic
-z Zero-I/O mode (scanning)
1|ASUS_I001_1:/ #
Why I get that this parameter is invalid:
nc: invalid option -- 1
And to